Scan free
LOWCVE-2023-41836CVSS 3.4

CVE-2023-41836: XSS in FortiSandbox Web Interface

Platform

fortinet

Component

fortisandbox

Fixed in

4.4.1

4.2.5

4.0.7

3.2.5

3.1.6

3.0.8

AI Confidence: highNVDEPSS 0.1%Reviewed: May 2026
View on NVD
Save

CVE-2023-41836 describes a cross-site scripting (XSS) vulnerability within the FortiSandbox web interface. This flaw allows an attacker to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized code execution. The vulnerability impacts FortiSandbox versions ranging from 3.0.4 through 4.4.0. A fix is available from Fortinet.

Impact and Attack Scenarios

Successful exploitation of CVE-2023-41836 allows an attacker to inject arbitrary JavaScript code into the FortiSandbox web interface. This code can then be executed in the context of a user's browser, potentially enabling the attacker to steal session cookies, redirect users to malicious websites, or deface the web interface. The impact is primarily focused on compromising user accounts with access to the FortiSandbox management console. While the CVSS score is LOW, the potential for privilege escalation and data theft warrants immediate attention, especially in environments where the FortiSandbox console is accessible from untrusted networks.

Exploitation Context

CVE-2023-41836 was publicly disclosed on October 13, 2023. While no active exploitation campaigns have been publicly reported, the ease of XSS exploitation means it remains a potential target. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it likely that such exploits will emerge.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh

EPSS

0.09% (26% percentile)

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:F/RL:X/RC:C3.4LOWAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredLowAuthentication level needed to attackUser InteractionRequiredWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityNoneRisk of sensitive data exposureIntegrityLowRisk of unauthorized data modificationAvailabilityNoneRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
None — no confidentiality impact. Attacker cannot read protected data.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Componentfortisandbox
VendorFortinet
Affected rangeFixed in
4.4.0 – 4.4.04.4.1
4.2.1 – 4.2.44.2.5
4.0.0 – 4.0.64.0.7
3.2.0 – 3.2.43.2.5
3.1.0 – 3.1.53.1.6
3.0.4 – 3.0.73.0.8

Weakness Classification (CWE)

CWE-79

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched — 954 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2023-41836 is to upgrade to a patched version of FortiSandbox. Fortinet has released updates to address this vulnerability; refer to the official advisory for specific version details. As a temporary workaround, consider implementing strict input validation and output encoding within the FortiSandbox web interface to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS attacks can also provide an additional layer of protection. Regularly review FortiSandbox configuration for any unusual activity or unauthorized modifications.

How to fix

Update FortiSandbox to an unaffected version. See the Fortinet advisory for more details and specific upgrade instructions.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2023-41836 — XSS in FortiSandbox?

CVE-2023-41836 is a cross-site scripting vulnerability in Fortinet FortiSandbox versions 3.0.4–4.4.0, allowing attackers to inject malicious scripts.

Am I affected by CVE-2023-41836 in FortiSandbox?

If you are running FortiSandbox versions 3.0.4 through 4.4.0, you are potentially affected by this vulnerability. Check the official advisory for details.

How do I fix CVE-2023-41836 in FortiSandbox?

Upgrade to a patched version of FortiSandbox as recommended by Fortinet. Refer to the official advisory for specific version details.

Is CVE-2023-41836 being actively exploited?

While no active exploitation campaigns have been publicly reported, the vulnerability's nature makes it a potential target.

Where can I find the official Fortinet advisory for CVE-2023-41836?

Refer to the Fortinet Security Advisory for details: [https://www.fortinet.com/security/advisory/fortinet-security-advisory/CVE-2023-41836](https://www.fortinet.com/security/advisory/fortinet-security-advisory/CVE-2023-41836)

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs